[21510] in North American Network Operators' Group
Re: Exodus / Clue problems
daemon@ATHENA.MIT.EDU (TTSG)
Mon Nov 16 08:19:06 1998
From: TTSG <ttsg@ttsg.com>
To: alex@netaxs.com (Alex \"Mr. Worf\" Yuriev)
Date: Mon, 16 Nov 1998 07:55:56 -0500 (EST)
Cc: ttsg@ttsg.com, mcs@1ipnet.net, nanog@merit.edu
In-Reply-To: <Pine.SUN.3.95.981116073105.25594p-100000@access.netaxs.com> from "Alex \"Mr. Worf\" Yuriev" at Nov 16, 98 07:32:05 am
>
> > >
> > > The owner did not allow any further action to the box except to have it
> > > removed from the network . So until the owner sends someone in to clean up
> > > we won't know anything more.
> > >
> > 8-( Did Exodus atleast try to do some sniffing of traffic or
> > captures at the router or SOMETHING? Or will we never know anything more
> > about this?
>
> The way to deal with owners like this is to have a good contact with FBI
> folks that investigate this stuff. Believe it or not, FBI is quite
> efficient in obtaining evidence ;)
>
My big carrot stick (I'm a veggie, so I don't eat beef) is that if
the person was connected to the box (And it wasn't just a script running)
we could have done more tracing.
If they weren't, we could atleast try to find out how/what they
were doing and see if there is a new advisory that should be published.
Now we have to deal with AFTER the fact, instead of IN-PROGRESS.
Tuc/TTSG
